Overview
As of 15 March 2026, SSL certificates issued worldwide will begin transitioning to shorter validity periods. This change has been introduced by the CA/Browser Forum and is being adopted across all major certificate authorities and browsers.
Historically, SSL certificates were issued for up to 398 days. Under the new standard, this maximum validity will reduce to 200 days, with further reductions planned over the coming years.
This marks a significant shift in how SSL certificates are issued, renewed, and managed across the industry.
Certificate Lifetime Reduction Schedule
The reduction in certificate validity will occur in stages:
Until 15 March 2026, certificates can be issued for up to 398 days
From 15 March 2026, certificates will be limited to 200 days
From 15 March 2027, certificates will be limited to 100 days
From 15 March 2029, certificates will be limited to 47 days
This phased approach is designed to give organisations time to adapt their processes and transition toward automated certificate management.
Why Certificate Lifetimes Are Changing
The move to shorter certificate lifetimes is driven by security and reliability considerations.
Over time, the information contained within a certificate becomes less trustworthy. Shorter lifetimes ensure that certificate data is revalidated more frequently, reducing the risk of outdated or incorrect information being relied upon.
Short-lived certificates also reduce the impact of compromised certificates and lessen reliance on revocation systems, which are not always consistently enforced by browsers.
In addition, the industry is moving toward automated certificate lifecycle management, where certificates are issued, renewed, and deployed without manual intervention.
Impact on Certificate Management
As certificate lifetimes decrease, the frequency of renewals will increase.
A certificate that previously renewed once per year will renew approximately twice per year at 200 days
At 100 days, renewals will occur multiple times per year
At 47 days, certificates may require renewal up to 8 times annually
This does not mean additional purchases are required. Instead, certificates are reissued more frequently within the same subscription period.
What This Means for Customers
Customers who have purchased a 12-month SSL certificate will continue to receive full coverage for the duration of their subscription.
However, instead of receiving a single certificate for the entire term, the certificate will be issued in stages:
The initial certificate will be issued for 199 days
Prior to expiry, a new CSR must be generated to reissue the certificate
The replacement certificate will be issued for the remaining 166 days
At the time of initial issuance, you will receive an enrolment email containing your SSL configuration link. This link is required to generate your CSR and reissue your certificate.
It is important that you retain this email, as you will need to use the same link when reissuing your certificate during the term.
This ensures the full 365-day term is maintained without requiring additional payment.
Manual Certificate Management
For customers managing SSL certificates manually, the reissue process will need to be completed more frequently.
This includes:
Generating a new CSR
Submitting the CSR using your enrolment link
Completing domain or organisation validation if required
Downloading the reissued certificate
Installing the updated certificate before expiry
As certificate lifetimes continue to decrease, manual processes may become more difficult to maintain and increase the risk of missed renewals or service interruptions.
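For planning manual reissues, the following added example (not code from this article or from any certificate authority) applies the schedule above to a subscription term and lists each certificate's issue date, validity and a reissue-by date. It assumes each certificate is issued one day under the cap, matching the 199 + 166 day split described above, that each replacement's validity is counted from the previous expiry, and a 14-day lead time; the function names and the lead time are illustrative.

```python
from datetime import date, timedelta

# Maximum validity by issuance date, taken from the schedule in this article.
SCHEDULE = [
    (date(2029, 3, 15), 47),
    (date(2027, 3, 15), 100),
    (date(2026, 3, 15), 200),
]
LEGACY_MAX_DAYS = 398  # cap for certificates issued before 15 March 2026


def max_validity_days(issued_on):
    """Return the validity cap (in days) in force on the given issuance date."""
    for effective, days in SCHEDULE:
        if issued_on >= effective:
            return days
    return LEGACY_MAX_DAYS


def plan_reissues(start, term_days=365, margin_days=1, lead_days=14):
    """Split a subscription term into back-to-back certificates.

    Returns a list of (issue_date, validity_days, reissue_by) tuples.
    reissue_by is None for the last certificate of the term.
    margin_days and lead_days are assumptions, not CA requirements.
    """
    plan = []
    issued, remaining = start, term_days
    while remaining > 0:
        cap = max_validity_days(issued) - margin_days
        validity = min(cap, remaining)
        expires = issued + timedelta(days=validity)
        remaining -= validity
        # Only schedule a reissue if more of the term is still to be covered.
        reissue_by = expires - timedelta(days=lead_days) if remaining > 0 else None
        plan.append((issued, validity, reissue_by))
        issued = expires
    return plan


if __name__ == "__main__":
    # Constructed sample start dates, one per stage of the schedule.
    for start in (date(2026, 4, 1), date(2027, 4, 1), date(2029, 4, 1)):
        print(f"12-month term starting {start}:")
        for issued, validity, reissue_by in plan_reissues(start):
            print(f"  issue {issued}  valid {validity:>3} days  reissue by {reissue_by}")
```

The reissue-by dates can be copied into a calendar or monitoring system so that a new CSR is submitted before each expiry.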
Automated SSL Management
Customers using automated solutions such as AutoInstall SSL will not need to make any changes.
Certificates will be automatically reissued and installed
Renewals will occur more frequently in line with industry changes
The existing subscription and token remain valid for the full term
Automation ensures certificates remain valid without manual intervention and is becoming the recommended approach across the industry.
Industry Direction
The reduction in certificate lifetimes is part of a broader move toward short-lived, automatically managed certificates.
Industry guidance indicates that as lifetimes approach 100 days and below, automation becomes essential for maintaining service reliability and avoiding operational overhead.
Organisations are encouraged to review their certificate management processes and transition away from manual handling where possible.
Renewal and Billing
There are no changes to billing as a result of these updates.
Certificates continue to be purchased on a standard term, such as 12 months
Reissued certificates are included within the subscription
You must use your original enrolment email and configuration link to complete any required reissues
Renewal reminders will continue to be sent at the end of the billing period
Sources
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
https://www.thesslstore.com/blog/ssl-certificate-validity-is-dropping-to-200-days/
Need Assistance?
If you require assistance with SSL certificate reissue, CSR generation, or enabling automated SSL management, please raise a ticket with our support team in the MySAU Portal.